CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. IAPP
  5. CIPM

Free CIPM Exam Braindumps (page: 5)

Page 5 of 54
PDF with 276 Questions

What is the main function of the Asia-Pacific Economic Cooperation Privacy Framework?

  1. Enabling regional data transfers.
  2. Protecting data from parties outside the region.
  3. Establishing legal requirements for privacy protection in the region.
  4. Marketing privacy protection technologies developed in the region.

Answer(s): A


Reference:

https://iapp.org/resources/article/apec-privacy-framework/



Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?

  1. The DPIA result must be reported to the corresponding supervisory authority.
  2. The DPIA report must be published to demonstrate the transparency of the data processing.
  3. The DPIA must include a description of the proposed processing operation and its purpose.
  4. The DPIA is required if the processing activity entails risk to the rights and freedoms of an EU individual.

Answer(s): D



As a Data Protection Officer, one of your roles entails monitoring changes in laws and regulations and updating policies accordingly.

How would you most effectively execute this responsibility?

  1. Consult an external lawyer.
  2. Regularly engage regulators.
  3. Attend workshops and interact with other professionals.
  4. Subscribe to email list-serves that report on regulatory changes.

Answer(s): D



SCENARIO:
Please use the following to answer the next question:

John is the new privacy officer at the prestigious international law firm – A&M LLP. A&M LLP is very proud of its reputation in the practice areas of Trusts & Estates and Merger & Acquisition in both U.S. and Europe.
During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm's email continuity service to their existing email security vendor – MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&M LLP.

John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe's previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns.

At the meeting, Derrick emphasized that email is the primary method for the firm's lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn't have the time or resource to look for another solution. Furthermore, the off-premises email continuity service will only be turned on when the email service at A&M LLP's primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days.

Which of the following is the most effective control to enforce MessageSafe's implementation of appropriate technical countermeasures to protect the personal data received from A&M LLP?

  1. MessageSafe must apply due diligence before trusting Cloud Inc. with the personal data received from A&M LLP.
  2. MessageSafe must flow-down its data protection contract terms with A&M LLP to Cloud Inc.
  3. MessageSafe must apply appropriate security controls on the cloud infrastructure.
  4. MessageSafe must notify A&M LLP of a data breach.

Answer(s): D



Page 5 of 54



Post your Comments and Discuss IAPP CIPM exam with other Community members:

Thato Mohutsi commented on August 20, 2024
Great Questions
Anonymous
upvote